The ppp de-capsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
The buffer should be big enough to hold the captured data, but it doesn’t need to be big enough to hold the entire on-the-network packet, if we haven’t captured all of it.
For Debian 8 jessie, these problems have been fixed in version 4.9.3-1~deb8u2.
We recommend that you upgrade your tcpdump packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/